iPhone Forensics Analysis of iOS 5 backups : Part 2 – resources.infosecinstitute.com
In the first part of this article, we discussed the techniques to read iTunes backups. The following article discloses the procedure to extract protection class keys from the Backup Keybag and covers the techniques & the tools to decrypt the protected backup files and the encrypted backups.

Apple Details iOS Security Features in New Guide – threatpost.com
Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture.

Cisc0wn Cisco SNMP Script – commonexploits.com
I have created a new script that you might find useful. Cisc0wn is simply a bash script that pulls various tools and enumeration into one simple command for ease, so is not really a tool in itself.

Techniques

From LOW to PWNED [12] Trace.axd – carnal0wnage.attackresearch.com
“Trace.axd is an Http Handler for .Net that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order, where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file.”
http://www.ucertify.com/article/what-is-traceaxd.html

We Have the Port Scans, what now? – pentesticles.com
It’s been a while, I hope you’re good. I’m fine thanks, busy as sin but isn’t that always the way? So where did we leave off? From reading back through my previous post, we’d scanned our little guts out and pulled a list of all ports that were open and all the services that can be interacted with. Boy haven’t we been busy!

Yes, you can have fun with downloads – lcamtuf.blogspot.com
It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs; in more limited circumstances, even individual frames can be targeted. I discuss the consequences of this behavior in The Tangled Web – and several months ago, I shared this amusing proof-of-concept illustrating the perils of this logic.

Tiny 64-bit ELF executables – blog.markloiseau.com
A while back, Brian Raiter wrote an excellent guide to ELF executables called “A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux.” It outlines some of the things that contribute to overhead in ELF executables, and goes to great lengths to make the smallest-possible ELF program.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.